CN111327594A - Webpage processing method and device, electronic equipment and storage medium - Google Patents

Webpage processing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN111327594A
CN111327594A CN202010065603.5A CN202010065603A CN111327594A CN 111327594 A CN111327594 A CN 111327594A CN 202010065603 A CN202010065603 A CN 202010065603A CN 111327594 A CN111327594 A CN 111327594A
Authority
CN
China
Prior art keywords
webpage
request
web page
malicious
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010065603.5A
Other languages
Chinese (zh)
Inventor
陈增桂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202010065603.5A priority Critical patent/CN111327594A/en
Publication of CN111327594A publication Critical patent/CN111327594A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a webpage processing method, a webpage processing device, electronic equipment and a storage medium, and relates to the technical field of network security, wherein the method comprises the following steps: acquiring an opening request of a first webpage; if the opening request of the first webpage is not triggered by the user, judging whether a malicious event exists or not; and if the malicious event exists, forbidding displaying the first webpage. According to the method and the device, the malicious event is detected when one webpage automatically triggers the other webpage to be opened, so that the automatically opened webpage is forbidden to be displayed when the malicious event exists, malicious attack is stopped in time, and the use safety of the terminal is improved.

Description

Webpage processing method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for processing a web page, an electronic device, and a storage medium.
Background
With the rapid development of network technology and terminal technology, more and more people surf the internet through terminals, and with the improvement of the demand for browsing web pages, the web pages which can be accessed by the terminals at present are various. However, when a user browses a web page at present, if malicious web pages are inadvertently triggered, the malicious web pages may automatically download malicious software such as viruses and the like, and may also continuously and automatically invoke and open other web pages, so that the user cannot normally use the terminal, and the terminal is easily attacked by the malicious web pages. Therefore, the use safety of the terminal is not high at present.
Disclosure of Invention
The embodiment of the application provides a webpage processing method and device, electronic equipment and a storage medium, and can improve the use safety of a terminal.
In a first aspect, an embodiment of the present application provides a method for processing a web page, where the method includes: acquiring an opening request of a first webpage; if the opening request of the first webpage is not triggered by the user, judging whether a malicious event exists or not; and if the malicious event exists, forbidding displaying the first webpage.
In a second aspect, an embodiment of the present application provides a web page processing apparatus, where the apparatus includes: the request acquisition module is used for acquiring an opening request of a first webpage; the event judgment module is used for judging whether a malicious event exists or not if the opening request of the first webpage is not triggered by the user; and the webpage display module is used for forbidding to display the first webpage if a malicious event exists.
In a third aspect, an embodiment of the present application provides an electronic device, including: a memory; one or more processors coupled with the memory; one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, and the one or more application programs are configured to perform the web page processing method provided by the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a program code is stored in the computer-readable storage medium, and the program code may be called by a processor to execute the web page processing method provided in the first aspect.
According to the webpage processing method and device, the electronic equipment and the storage medium, whether a malicious event exists is judged by acquiring the opening request of the first webpage and if the opening request of the first webpage is not triggered by a user; and if the malicious event exists, forbidding displaying the first webpage. Therefore, according to the embodiment of the application, the malicious event is detected when one webpage automatically triggers the other webpage to be opened, so that the automatically opened webpage is forbidden to be displayed when the malicious event exists, malicious attack is stopped in time, and the use safety of the terminal is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 shows an application scenario diagram of a web page processing method provided by an embodiment of the present application.
Fig. 2 is a flowchart illustrating a web page processing method according to an embodiment of the present application.
Fig. 3 is a flowchart illustrating a web page processing method according to another embodiment of the present application.
Fig. 4 is a flowchart illustrating a web page processing method according to another embodiment of the present application.
Fig. 5 is a flowchart illustrating a web page processing method according to still another embodiment of the present application.
Fig. 6 is a flowchart illustrating a web page processing method according to still another embodiment of the present application.
Fig. 7 shows a schematic flowchart of step S520 in fig. 6.
Fig. 8 shows a schematic flowchart of step S540 in fig. 6.
Fig. 9 is a flowchart illustrating a web page processing method according to yet another embodiment of the present application.
Fig. 10 is a flowchart illustrating a web page processing method according to still another embodiment of the present application.
Fig. 11 shows a block diagram of a web page processing apparatus according to another embodiment of the present application.
Fig. 12 shows a block diagram of an electronic device according to an embodiment of the present application.
Fig. 13 illustrates a storage unit, provided in an embodiment of the present application, for storing or carrying program code for implementing a web page processing method according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
For convenience of understanding, some terms referred to in the embodiments of the present application are explained below.
Interrupting: in the program running process, if an emergency occurs outside the system, inside the system or in the current program itself, the processor needs to intervene, the processor can automatically stop the running of the current program, automatically transfer to a processing program (an interrupt service program) corresponding to the occurred emergency, and return to continue executing the originally stopped program after the processing is finished, wherein the process can be called as interrupt.
Priority: the priority is a parameter for determining the priority level of each job program to receive system resources when the computer time-sharing operating system processes a plurality of job programs. And processing the data with high priority first and processing the data with low priority later.
Referring to fig. 1, fig. 1 is a schematic view illustrating an application scenario of a web page processing method provided in an embodiment of the present application, where the application scenario includes a communication system 10 provided in the embodiment of the present application. The communication system 10 includes: a terminal device 100 and a server 200.
In the embodiment of the present application, the terminal device 100 may be an electronic device having an internet access function. The terminal device 100 may be, but not limited to, a mobile phone, a tablet computer, an MP3 player (Moving Picture Experts group audio Layer iii, motion video compression standard audio Layer 3), an MP4 player (Moving Picture Experts group audio Layer iv, motion video compression standard audio Layer 4), a personal computer, or a wearable electronic device, and so on. The embodiment of the present application does not limit the specific type of the terminal device.
In this embodiment, the server 200 may be an individual server, a server cluster, a local server, or a cloud server, and this embodiment of the present application does not limit a specific server type.
In some embodiments, the terminal device 100 runs a client with a web page display function, and the client may be a browser application, an instant messaging application, a social application, a rich media application, or the like. For example, when a user accesses the internet using a browser application, the terminal device 100 can acquire and display a web page that the user wants to access.
In some embodiments, the terminal device 100 and the server 200 are located in a wireless network or a wired network, and the terminal device 100 and the server 200 may perform data interaction, in one example, the terminal device 100 may obtain web page content from the server 200 through the network to generate and display a web page at the terminal device 100 according to the web page content.
However, when a user browses a webpage based on a terminal device, if a disguised malicious webpage is not noticed, the malicious webpage can automatically download viruses or junk software and the like, some malicious webpages can automatically pop up a plurality of webpages, and other webpages are continuously called and opened, so that the user is difficult to normally use the mobile phone, and the malicious webpage brings great trouble to the user in the process of using the terminal device, and even can cause safety problems such as information leakage and property loss.
Therefore, based on the above problems, embodiments of the present application provide a method, an apparatus, a system, an electronic device, and a storage medium for processing a web page, which can automatically detect a malicious event when a user browses a web page, and automatically stop displaying a related web page when the malicious event is detected, so as to timely prevent malicious attack and improve the use security of a terminal. The following will be described in detail by way of specific examples.
Referring to fig. 2, fig. 2 is a schematic flowchart illustrating a web page processing method according to an embodiment of the present application, and the web page processing method can be applied to the terminal device. The flow shown in fig. 2 will be described in detail below. The web page processing method may include the steps of:
step S110: an opening request of a first webpage is obtained.
The terminal device can be operated with a client for displaying a web page. The opening request of the first webpage is used for opening the first webpage, namely the first webpage is displayed. Therefore, the client acquires the opening request of the first webpage, and can display the first webpage when responding to the opening request of the first webpage, so that a user can browse the first webpage based on the client.
In an embodiment, taking a browser client as an example, the first webpage opening request may include a network address (also called a link or Uniform Resource Locator (URL)) corresponding to the first webpage, and the following description is continued by taking a process of requesting a webpage according to an input network address (also called a Uniform Resource Locator (URL)) as an example, first, a user may input the URL, perform Domain Name System (DNS) resolution on the URL to find an IP address of a server corresponding to the URL, establish a TCP connection based on a Transmission Control Protocol (TCP) through the IP address, send an HTTP request based on a hypertext transfer Protocol (HTTP), receive webpage data returned by the server, parse and render the webpage data, display content corresponding to the webpage data on the client, so as to open the webpage, the client may then disconnect the TCP connection.
As an implementation mode, a user can directly input text information or other types of input information, and a client can acquire a URL corresponding to the input information; as another embodiment, the user may click a control displayed on the web page, and trigger the client to obtain the URL corresponding to the control, so that the client may obtain the URL input by the user. The user may also input the URL in other manners to enable the client to obtain the URL, which is not limited in this embodiment.
Step S120: and if the opening request of the first webpage is not triggered by the user, judging whether a malicious event exists.
In some implementations, the request to open the first web page can be user-triggered. The client side can acquire an opening request of the first webpage by monitoring input operation of a user. The input operation by the user may be a contact input operation or a non-contact input operation. For example, a user may click a button, an option, a link, or the like associated with a web page through a contact-type input operation, and the client may detect an object currently clicked by the user through monitoring the user operation, so as to obtain an open request of the web page corresponding to the object to display the web page at the front end for the user to browse or view. For another example, the user may also make the client obtain an open request of the web page through a non-contact input operation such as voice, image input, and the like.
As an embodiment, the client may have an information input area, the information input by the user in the information input area can be collected by the client, and the client may obtain the opening request of the first webpage based on the collected information.
As another embodiment, a web page displayed by the client may include an input control, and the client may detect a trigger operation of a user on the input control, so as to obtain an operation instruction corresponding to the input control triggered by the user, and if the operation instruction is used to jump to the first web page, the client may obtain an opening request of the first web page at this time, and open the first web page based on the opening request.
In yet another embodiment, the terminal may jump to another client based on an input operation of the user detected by the one client, and display a web page corresponding to the input operation based on the other client. That is to say, a user may perform an input operation on a first client, and the first client sends the input operation to the system after detecting the input operation, so that a second client is called by the system to obtain an opening request of a web page corresponding to the input operation, so as to open the web page corresponding to the input operation.
As still another embodiment, the client may further detect a non-contact input operation, such as a voice input operation, an image input operation, and the like, that is, a user may input information through voice so that the client can receive the voice input information and thereby obtain an opening request of the first webpage, and may also input information through an image so that the client can receive the image input information and thereby obtain an opening request of the first webpage.
In some possible embodiments, the terminal may be provided with an image acquisition module and an image recognition module, the image acquisition module may acquire a user input image, the image recognition module recognizes characteristics of the user input image, and the user input image may be an image including characteristics of a user action, an expression, and the like, so that the client may obtain an opening request of a web page corresponding to the characteristics of the action, the expression, and the like, based on the action recognition, the face recognition, and the like.
It can be understood that, in the embodiment of the present application, the terminal device may obtain the request for opening the web page in various ways, which is not limited in the embodiment of the present application.
In other embodiments, the request to open the first web page may not be user-triggered. Since a malicious web page may automatically trigger the display of the next web page, the open request for the first web page may be web page triggered, rather than user triggered. For example, when the client displays the a webpage, the a webpage may automatically trigger the b webpage to open, that is, when the user triggers the a webpage to display, the client may display the a webpage and the b webpage.
In some embodiments, when the a webpage triggers the b webpage to be opened, as an implementation, the a webpage and the b webpage can be displayed in different windows of the client; as another embodiment, the b-web page can be covered in the display area of the a-web page to be displayed when the b-web page is opened, that is, the b-web page is displayed at the front end, the a-web page is displayed at the rear end, the a-web page can be continuously displayed after the b-web page is closed by the user, that is, the user can continuously view the a-web page. As another embodiment, the a-web page triggers to open the b-web page, and the b-web page can be skipped from the a-web page to the b-web page, that is, the front end only displays the b-web page, and the a-web page can be displayed when the user triggers to return operation based on the b-web page, but if the user closes the b-web page, the client does not display the a-web page and the b-web page.
As previously described, the request to open the first web page may or may not be user-triggered. In some embodiments, the client may obtain a request mode of an opening request of the first webpage to determine whether a malicious event exists, where the request mode includes a user trigger and a non-user trigger, and if the request mode of the opening request of the first webpage is the non-user trigger, it is determined that the opening request of the first webpage is not the user trigger. Wherein the non-user trigger is an automatic trigger which is not allowed by the user. As one mode, the request for opening the first webpage may include a request flag, the request flag may be obtained by obtaining the request flag, the request flag may be 1 or 0, 1 corresponds to user trigger, and 0 corresponds to non-user trigger.
In other embodiments, the client stores a web page request record, where the web page request record stores historical data of the opening requests acquired by the client, and stores each opening request and a trigger object associated with the opening request, where the trigger object is an object that triggers the opening request. The client may obtain a trigger object associated with the open request of the first web page according to the web page request record. If the trigger object is the input operation of the user, the opening request of the first webpage can be judged to be the user trigger, and if the trigger object is not the input operation of the user, the opening request of the first webpage can be judged not to be the user trigger. The input operation of the user may be a trigger operation based on a web page, such as a click on content displayed on the web page, or a trigger operation based on a client, such as an input operation performed in a search box or other area of the client, a click on a website stored in the client, or the like.
In still other embodiments, after a web page is opened, if the client does not monitor an input operation for opening the web page, an opening request of the first web page is obtained, and it may be determined that the opening request of the first web page is not triggered by the user. In an embodiment, when the client receives an input operation of a user, the client acquires an opening request of the first webpage in response to the input operation, and it may be determined that the opening request of the first webpage is triggered by the user.
Since only one click is triggered when a user browses a webpage, when a client responds to the click operation to display the next webpage, other webpages are automatically popped up, and even viruses, junk software or other malicious software are automatically triggered to be downloaded, and the malicious attacks bring potential safety hazards to terminal equipment of the user. The operation to be automatically executed is an operation that is executed without being triggered by a user and without being approved by the user. In the embodiment of the present application, the malicious event is an event triggered by a malicious web page, and may include an event that the web page automatically triggers to open another web page or automatically downloads data, where the data may include viruses, malware and other data.
In some embodiments, if the request for opening the first webpage is not triggered by the user, the client may detect whether a target webpage requesting to open the first webpage also opens other webpages, and if so, may determine that a malicious event exists. In other embodiments, if yes, the comparison may be further performed on the number of web pages opened by the target web page, and if the number exceeds a predetermined number, it is determined that a malicious event exists. For a specific implementation, it is not repeated herein in detail in the following embodiments.
In some embodiments, if the opening request of the first webpage is not triggered by the user, the client may further detect whether the opening request of the first webpage is also related to the opening request of the next webpage. If so, the presence of the malicious event can also be determined. One of the specific embodiments can be seen in the following examples, which are not repeated herein.
In some embodiments, if the request for opening the first webpage is not triggered by the user, the client may further monitor an input operation of the user, and when the user triggers a predetermined input operation, the client may detect the input operation to determine that a malicious event exists. Therefore, when the client cannot prevent malicious attacks by self and the user cannot control the mobile phone, the input operation of the user is detected to interrupt the program, so that the program corresponding to the input operation of the user is preferentially executed, the malicious attacks are prevented in time, and the use safety of the terminal is improved. One of the specific embodiments can be seen in the following examples, which are not repeated herein.
Step S130: and if the malicious event exists, forbidding displaying the first webpage.
If the malicious event exists, the client can forbid the display of the first webpage, and prevent the malicious attack caused by the malicious event, so that the possible loss to the user is avoided in time.
The display prohibition of the first webpage may be to close the first webpage being displayed, or to prohibit the first webpage from being opened, that is, not to execute the action of opening the first webpage.
In some embodiments, the inhibiting of opening the first web page may be performed if the client detects the presence of a malicious event while not responding to the opening request for the first web page.
In other embodiments, if the client has responded to the request for opening the first webpage and has opened the first webpage, the first webpage may be closed to prohibit the first webpage from being displayed.
Further, in some embodiments, after the first webpage is closed or prohibited from being opened, the opening request of the first webpage may be further stored into a blacklist, so that the first webpage is not opened and is not displayed even if the opening request of the first webpage is received again.
In one embodiment, the client may not execute the opening request of the first webpage by discarding the opening request of the first webpage or moving the opening request of the first webpage out of a current request execution queue, wherein the request execution queue comprises at least one request to be executed.
In another embodiment, the client may also store the opening request of the first webpage in a blacklist so that the first webpage is not opened even if the opening request of the first webpage is received again in the following.
In some embodiments, the client may also disable the display of more than the first web page, and the display of other web pages. The detailed description of the embodiments can be seen in the following examples, which are not repeated herein.
In some embodiments, if there is a malicious event, the terminal device may further interrupt the request of the client to all the web pages, so as to prevent the web pages from continuously requesting data, thereby preventing malicious attacks in time. In some embodiments, if the malicious event also triggers the automatic downloading, the terminal device may also stop running the application that is automatically downloaded and installed, and stop downloading the content that is automatically downloaded from the web page.
In some embodiments, the terminal device may also prompt the user to purge the automatically downloaded content. In other embodiments, the terminal device may also automatically clear the automatically downloaded content, which is not limited in this embodiment. Therefore, the automatically downloaded content can be cleared in time, and further security threat to the terminal equipment is avoided.
In some embodiments, after the first webpage is prohibited from being displayed, the method may further continue to return to execute the open request for obtaining the first webpage, and continue to detect the malicious event.
According to the webpage processing method provided by the embodiment of the application, through acquiring the opening request of the first webpage, if the opening request of the first webpage is not triggered by a user, whether a malicious event exists is judged; and if the malicious event exists, forbidding displaying the first webpage. Therefore, according to the embodiment of the application, the malicious event is detected when one webpage automatically triggers the other webpage to be opened, so that the automatically opened webpage is forbidden to be displayed when the malicious event exists, malicious attack is stopped in time, and the use safety of the terminal is improved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a web page processing method according to another embodiment of the present application, which is applicable to the terminal device, and the web page processing method may include:
step S210: an opening request of a first webpage is obtained.
Step S220: and if the opening request of the first webpage is not triggered by the user, determining a target webpage requesting to open the first webpage according to the opening request of the first webpage.
If the opening request of the first webpage is not triggered by the user, the target webpage of the first webpage can be determined to be requested to be opened according to the opening request of the first webpage. For example, after the user triggers the a webpage to be opened, the client displays the a webpage and also obtains an opening request of the b webpage, and when the client is instructed to display the b webpage, the client can determine that a target webpage requesting to open the first webpage is the a webpage according to the opening request of the b webpage.
In some embodiments, the client may store the opening request of each web page, so that an object requesting to open the web page may be determined according to the opening request of the web page, and if the opening request of the web page is triggered by the user, the object may be an object corresponding to an input operation of the user, and if the opening request of the web page is not triggered by the user, the object may be the web page.
Step S230: and detecting the number of the web pages requested to be opened by the target web page.
When one webpage automatically triggers and displays other webpages, a malicious event may exist at the moment, and the terminal may be attacked maliciously. Therefore, after determining that a target webpage of the first webpage is requested to be opened according to the opening request of the first webpage, detecting the quantity of the webpages requested to be opened by the target webpage to judge whether malicious events exist, and judging that the malicious events exist when the quantity of the webpages exceeds a preset quantity, wherein the malicious events are triggered by the target webpage at the moment, and the target webpage is a malicious webpage.
In some embodiments, the target webpage can be determined according to the webpage request record of the client, the opening request of the webpage with the trigger object as the target webpage can also be searched according to the target webpage, and the quantity of the opening requests of the webpage with the trigger object as the target webpage is obtained according to the search result and is used as the quantity of the webpage requested to be opened by the target webpage, wherein the quantity of the webpage requested to be opened by the target webpage is greater than or equal to 1 because the first webpage is triggered by the target webpage.
In other embodiments, the client may further determine whether there is a target web page that requests to open more than a predetermined number of web pages according to the number of web page opening requests acquired within a predetermined time period. At this time, as one mode, the client may start timing when acquiring an open request of one web page, accumulate the number of open requests of the web page acquired by the client within a predetermined time period, and determine that a malicious event exists when the number exceeds a predetermined number.
The predetermined time period may be preset by a program, may also be customized by a user, and may also be determined according to actual needs, for example, the predetermined time period may be determined according to a network transmission rate, and within a certain range, the higher the network transmission rate is, the shorter the predetermined time period is, the lower the network transmission rate is, the higher the predetermined time period may be. Specifically, how to determine the size of the predetermined time period according to the network transmission rate, the terminal may preset a mapping relationship between the network transmission rate and the terminal, so as to determine the predetermined time period according to the network transmission rate according to the mapping relationship after the network transmission rate is obtained. In some examples, the predetermined time period may be 100ms, 300ms, 500ms, 1s, and the like, which is not limited by the present embodiment.
Step S240: and when the number of the web pages exceeds a preset number, judging that a malicious event exists.
The predetermined number may be preset by a program, may also be customized by a user, and may also be determined according to actual needs, which is not limited in this embodiment. The predetermined number may be 0 or any positive integer, and when the predetermined number is 0, and when the client detects that the first webpage is not triggered by the user, that is, the predetermined number is exceeded, it may be determined that a malicious event exists. It can be understood that the lower the predetermined number, the faster the malicious event can be detected, improving the detection efficiency.
In a possible embodiment, since one web page automatically triggers the next web page, it may be determined that a malicious event exists, and when it is detected that the opening request of the first web page is not triggered by the user, it may be determined that a malicious event exists without performing steps S220 to S240.
Step S250: and if the malicious event exists, forbidding displaying the first webpage.
In some embodiments, the client may prohibit displaying the first web page if there is a malicious event.
In other embodiments, if there is a malicious event, the client may further prohibit displaying other web pages requested to be opened by the target web page, and thus the specific implementation of step S250 may be: and if the malicious event exists, forbidding displaying the webpage requested to be opened by the target webpage. Therefore, when a malicious event is detected, the display of the automatically opened webpage which is not triggered by the user is prohibited in time, and therefore malicious attacks to the terminal equipment possibly caused by the automatically opened webpage can be prevented in time.
The specific implementation of prohibiting display is as described in the above embodiments, and is not described herein again.
It should be noted that, for parts not described in detail in this embodiment, reference may be made to the foregoing embodiments, and details are not described herein again.
According to the webpage processing method provided by the embodiment, the opening request of the first webpage is obtained, when the opening request of the first webpage is not triggered by a user, the target webpage of the first webpage is determined to be requested to be opened according to the opening request of the first webpage, when the number of the webpages requested to be opened by the target webpage exceeds the preset number, it is judged that a malicious event exists, and when the malicious event exists, the display of the first webpage is prohibited. Therefore, the malicious event that the webpage automatically triggers to open one or more webpages can be detected, and the malicious attack triggered by the malicious webpage can be detected and prevented in time. In addition, all the webpages requested to be opened by the target webpage can be prohibited from being displayed, and the security threat which is possibly brought to the terminal by all the automatically opened webpages can be prevented, so that the use security of the terminal is further improved, and the information and property security of the user is protected.
In some embodiments, some malicious web pages can automatically trigger to open a next web page, and the next web page can continuously trigger to open other web pages, so that the event of chain-open web pages can be used as a malicious event to detect and judge the malicious event, and therefore, when the malicious event of chain-open web pages occurs, the malicious event can be detected by the terminal, and the web pages can be prohibited from being displayed in time, so that attacks to the terminal possibly caused by the malicious event can be reduced or even avoided, and the use safety of the terminal is improved. Specifically, please refer to fig. 4, which illustrates a web page processing method according to another embodiment of the present application, where the method may include the following steps:
step S310: an opening request of a first webpage is obtained.
Step S320: and if the opening request of the first webpage is not triggered by the user, detecting whether the first webpage requests to open the second webpage or not.
It should be noted that, in the embodiment of the present application, "first" and "second" in the first web page and the second web page are not specifically referred to, but refer to two web pages.
Since one web page automatically triggers an open request of another web page and another web page automatically triggers an open request of another web page, it can be considered as a malicious event from one web page to another or another web page, and at this time, the terminal may be subjected to malicious attack. Therefore, if the opening request of the first webpage is not triggered by the user, whether the first webpage requests to open the second webpage or not is detected, and when the first webpage requests to open the second webpage, the malicious event is judged to exist, so that the event of chain webpage opening can be detected, and malicious attack caused by the type of malicious event can be prevented. In one example, if a-web page automatically triggers an open request for b-web page to open b-web page, which in turn automatically triggers an open request for c-web page to open c-web page, it may be determined that a first web page (in this example b-web page) requests to open a second web page (in this example c-web page) to determine that a malicious event exists.
In some embodiments, the client may search for an opening request of a webpage with a trigger object being the first webpage according to the first webpage, and if the opening request of the webpage can be found, the found webpage is used as the second webpage, and it may be determined that the first webpage requests to open the second webpage.
In other embodiments, if the opening request of the first webpage is not triggered by the user, the client may monitor the opening request of the next webpage, and if the trigger object of the opening request is the first webpage, the webpage corresponding to the opening request is used as the second webpage, that is, the client may detect that the first webpage requests to open the second webpage.
Step S330: and if the first webpage requests to open the second webpage, judging that a malicious event exists.
If the first webpage requests to open the second webpage, the client can judge that a malicious event exists.
Step S340: and if the malicious event exists, forbidding displaying the first webpage.
In some embodiments, the terminal device may further prohibit displaying the second webpage if there is a malicious event. Therefore, when a malicious event is detected, the display of the automatically opened webpage which is not triggered by the user is prohibited in time, and therefore malicious attacks to the terminal equipment possibly caused by the automatically opened webpage can be prevented in time.
It should be noted that, for parts not described in detail in this embodiment, reference may be made to the foregoing embodiments, and details are not described herein again.
In some embodiments, the client can detect all the malicious events, so that when the malicious events exist, malicious attacks possibly caused by the malicious events are prevented in time, the use safety of the terminal is further improved, and the missing rate of the malicious events is reduced. Specifically, please refer to fig. 5, which illustrates a web page processing method according to still another embodiment of the present application, where the method may include the following steps:
step S410: an opening request of a first webpage is obtained.
Step S420: and if the opening request of the first webpage is not triggered by the user, determining a target webpage requesting to open the first webpage according to the opening request of the first webpage.
Step S430: and detecting the number of the web pages requested to be opened by the target web page.
Step S440: it is determined whether the number of web pages exceeds a predetermined number.
In this embodiment, after determining whether the number of web pages exceeds the predetermined number, the method further includes:
if the number of web pages exceeds the predetermined number, step S470 can be executed.
If the number of web pages does not exceed the predetermined number, step S450 can be executed.
Step S450: whether the first webpage requests to open the second webpage is detected.
Step S460: and if the first webpage requests to open the second webpage, judging that a malicious event exists.
Step S470: and judging that the malicious event exists.
And if the number of the web pages exceeds the preset number, judging that a malicious event exists.
Step S480: and if the malicious event exists, forbidding displaying the first webpage.
It should be noted that, for parts not described in detail in this embodiment, reference may be made to the foregoing embodiments, and details are not described herein again.
On the basis of the foregoing embodiment, when the request for opening the first web page is not triggered by the user, the method for processing the web page provided in this embodiment detects whether the target web page requesting to open the first web page requests to open more than a predetermined number of web pages, and then detects whether the first web page requests to open the second web page when the target web page does not open more than the predetermined number of web pages, so that malicious events of different types can be detected, thereby preventing malicious attacks of different types and improving the use security of the terminal.
In addition, in some embodiments, some malicious web pages do not trigger opening of multiple web pages, but still cause security threats to the terminal device, for example, some malicious web pages trigger a download task to automatically download malicious software, viruses, and the like, so that a user cannot normally use the terminal and cannot operate the terminal, even if the user wants to exit a current page or finish downloading, the user cannot normally use the terminal, and loss of user information and property security may be caused at this time. Therefore, in order to reduce the undetected rate of malicious events and prevent omission, the process triggered by the malicious webpage can be interrupted by detecting and responding to the return request, so that the operation corresponding to the return request is executed, a user can timely retrieve the control right of the terminal equipment by triggering the return request, and the malicious attack is prevented as soon as possible. Specifically, please refer to fig. 6, which illustrates a web page processing method according to another embodiment of the present application, where the method may include the following steps:
step S510: an opening request of a first webpage is obtained.
Step S520: and if the opening request of the first webpage is not triggered by the user, detecting whether a continuous return request exists.
Wherein successive return requests are triggered by at least two successive return operations. The continuous return request may also be triggered by three continuous return operations, and the present embodiment does not limit the specific times. The fewer the number of times, the faster the continuous return request can be detected to improve the response speed to the input operation by the user.
For example, when the client opens the a-web page and then opens the b-web page, the user triggers the return operation, and the client can cancel the operation of opening the b-web page according to the return operation, so as to quit the currently displayed b-web page and display the previously opened a-web page.
Wherein the return operation is triggered by the user. In some implementations, the user can trigger the return request by triggering a return operation. The trigger operation may be a gesture, an action, a voice, a key, or the like, the key may further include a virtual key, an entity key, or the like, which is not limited herein, for example, the terminal may preset a mapping relationship between the trigger operation and the request, so that the corresponding request may be determined by detecting the trigger operation.
As an embodiment, the terminal device may detect a gesture acting on the terminal device to obtain the return request, for example, the user may perform a sliding operation on the display screen of the terminal device along a predetermined direction, for example, to the left, that is, the user may trigger the return request by sliding left on the display screen, so that the terminal device can obtain the return request.
As another embodiment, the terminal device may detect a trigger operation applied to a return key to obtain the return request, where the return key is a key used to trigger the return request, and the terminal device may obtain the return request by monitoring the trigger operation based on the return key. In one example, the terminal device may display a virtual key for triggering the return request, that is, a return key, where the return key may be one virtual key of a floating window, and the client display interface may display one virtual key, where the user may trigger the return request by clicking or other triggering operation on the return key, and the terminal device may detect the return request. In another example, the key may also be a physical key, which is not limited in this embodiment.
In some embodiments, the specific implementation of detecting whether there is a continuous return request may include steps S521 to S522, specifically, referring to fig. 7, which shows a flowchart of step S520 in fig. 6, and step S520 may include:
step S521: the number of triggers of a return request within a predetermined time interval is accumulated upon detection that a return request is triggered.
In some embodiments, upon detecting that a return request is triggered, a timer is started that counts the number of triggers for return requests within an expected time interval. The predicted time interval may be preset by a program, may be customized by a user, and may be determined according to actual needs. In some examples, the predetermined time interval may be 300ms, 500ms, 1s, and the like, which is not limited by the embodiment.
In one example, if the predetermined time interval is 1s, when it is detected that the user presses the return key, the number of times of continuously pressing the return key within 1s may be accumulated to be 3 times, that is, the number of times of triggering is 3 times.
Step S522: when the number of triggers exceeds a predetermined number of triggers, it is determined that there is a continuous return request.
The preset triggering times are more than or equal to 2, and the specific numerical value can be preset by a program, can be self-defined by a user and can be determined according to actual needs. For example, the terminal device may preset a mapping relationship between the continuous return request and the number of triggers of the return request, where the predetermined number of triggers may correspond to the continuous return request. Thus, it can be determined that there is a continuous return request when the number of triggers exceeds a predetermined number of triggers.
Step S530: and if the continuous return requests exist, judging that the malicious event exists.
If there are continuous return requests, the client may determine that there is a malicious event. In some embodiments, if the a-web page automatically triggers the b-web page to open, but the b-web page does not automatically trigger the c-web page to open, but at least one of the a-web page and the b-web page may have viruses, software or other data to download forcibly, the user may want to forcibly exit both of the a-web page and the b-web page or want to stop downloading, at which point the user may continue to press the return key. Therefore, in order to enable the user to timely retrieve the control right of the terminal device, the continuous return requests triggered by the user continuously pressing the return key are detected, the user requirements are timely responded, the existence of malicious events is judged, and therefore malicious attacks are timely prevented.
Step S540: and if the malicious event exists, forbidding displaying the first webpage.
In some embodiments, the specific implementation of prohibiting the display of the first webpage may include steps S541 to S542, specifically, referring to fig. 8, which shows a flowchart of step S540 in fig. 6, and step S540 may include:
step S541: based on the predetermined priority, at least one of the consecutive return requests is responded to when the consecutive return requests are detected.
Wherein the return request is operable to disable display of the first web page. In one example, a user triggers a return request while the client displays a first web page, the client is able to detect the return request and respond to at least one of the continuous return requests when the continuous return request is detected.
The priority of the response return request is higher than that of the response webpage opening request, wherein the webpage opening request comprises the webpage opening and the downloading request triggered by the webpage opening. Therefore, when the webpage automatically triggers to open other webpages or forcibly downloads, the user triggers the continuous return requests, the terminal equipment can detect the continuous return requests, judge that malicious events exist, and preferentially respond to at least one return request to interrupt the process corresponding to the webpage opening request, so that the user can timely retrieve the control right of the interrupt equipment by triggering the return request to prevent malicious attacks as soon as possible.
In some embodiments, in the priorities preset by the terminal device in the past, the priority of the system request or the application request is often higher than that of the request for the virtual key, so that in the process of responding to the system request by the terminal device, even if the user continuously triggers the return request, the terminal device may not be prevented from continuously responding to the system request. The malicious webpage automatically triggers requests for opening other webpages or triggering downloading tasks and the like, which belong to system requests, so that a user cannot timely stop the terminal equipment to continuously respond to the requests triggered by the malicious webpage according to the prior preset priority, the user cannot control the terminal equipment, and the terminal equipment can be attacked maliciously. Therefore, one of the implementation manners of this embodiment provides a new interrupt priority of the terminal device, that is, a predetermined priority, so that the priority of the request of the terminal device for the virtual key is higher than the priority of the request for the system, so that when the terminal responds to the system request, the user can interrupt the response to the system request by triggering the return request, so that the terminal responds to the return request preferentially, so that the user can obtain the control right of the terminal device in time, and avoid the attack of a malicious web page as soon as possible.
In some embodiments, the predetermined priority may be set as table 1 below, and as shown in table 1, the interrupt types include a power key, a volume key, a virtual key, a touch screen, a system request, and an application request, where the power key has the highest priority, the second is the volume key, the third is the virtual key, the fourth is the touch screen, the fifth is the system request, and the sixth is the application request. The return key priority level of the virtual key is higher than that of the system request and the application request. Therefore, the terminal processor responds the return request preferentially, the control requirement of the user on the terminal is met, and the situation that the terminal responds to the request of the application or the system all the time and cannot be controlled by the user is avoided. Therefore, the user can obtain the control right of the terminal in time and avoid the attack of the malicious webpage as soon as possible.
TABLE 1
Interrupt type Priority level
Power supply key 1
Volume key 2
Virtual key 3
Touch screen 4
System request 5
Application request 6
In some embodiments, the response of the terminal device to the system request when the webpage triggers to open other webpages or automatically downloads the webpages, and the response of the terminal to the user pressing the return key belongs to the response of the terminal device to the virtual key. Therefore, according to the setting of the preset priority shown in table 1, the priority of the return request of pressing the return key is higher than that of the system request, so that the processor of the terminal device can respond to the return request of pressing the return key preferentially, and a user can trigger the return request by pressing the return key to acquire the control right of the terminal device in time, and can prevent or even prevent the attack of malicious web pages.
Step S542: in response to the return request, display of the first web page is prohibited.
The client may prohibit displaying the first webpage in response to the return request, where specific implementation of prohibiting displaying may refer to the foregoing embodiments, and details are not described herein again.
It should be noted that, for parts not described in detail in this embodiment, reference may be made to the foregoing embodiments, and details are not described herein again.
In some embodiments, the malicious web page may trigger a plurality of malicious events, and in order to detect different malicious events, and improve the detection efficiency, and when the malicious webpage is detected and the attack of the malicious webpage is prevented in time, when the opening request of the first webpage is not triggered by the user, it may be detected whether a target web page requesting to open a first web page simultaneously requests to open other web pages, then when the number of the other web pages requested to be opened by the target web page does not exceed the preset number, detecting whether the first web page requests to open other web pages or not so as to detect the continuous return request when the first web page does not request to open other web pages, therefore, the malicious events can be automatically detected and prevented through the first two items, the missing rate of the malicious events is reduced through the detection of the continuous return requests, and the operation that a user needs to forcibly quit or stop the malicious attack is responded. Specifically, please refer to fig. 9, which illustrates a web page processing method according to yet another embodiment of the present application, where the method may include the following steps:
step S610: an opening request of a first webpage is obtained.
Step S620: and if the opening request of the first webpage is not triggered by the user, determining a target webpage requesting to open the first webpage according to the opening request of the first webpage.
Step S630: and detecting the number of the web pages requested to be opened by the target web page.
Step S640: it is determined whether the number of web pages exceeds a predetermined number.
In this embodiment, after determining whether the number of web pages exceeds the predetermined number, the method further includes:
if the number of web pages exceeds the predetermined number, step S680 can be executed.
If the number of web pages does not exceed the predetermined number, step S650 can be executed.
Step S650: whether the first webpage requests to open the second webpage is detected.
If the number of the web pages does not exceed the preset number, the terminal equipment can detect whether the first web page requests to open the second web page.
In this embodiment, after detecting whether the first webpage requests to open the second webpage, the method further includes:
if the first webpage requests to open the second webpage, step S680 may be executed.
If the first web page does not request to open the second web page, step S660 can be executed.
Step S660: it is detected whether there are consecutive return requests.
If the first webpage does not request to open the second webpage, the terminal equipment can detect whether a continuous return request exists. Therefore, when the client cannot or has not come to detect the malicious event through the method steps, the missing detection of the malicious event can be prevented by detecting the continuous return request. And the detection speed of the malicious event can be increased, so that the malicious attack can be prevented as soon as possible.
Step S670: and if the continuous return requests exist, judging that the malicious event exists.
Step S680: and judging that the malicious event exists.
If the number of web pages exceeds a predetermined number, it may be determined that a malicious event exists. Therefore, the terminal equipment can detect malicious events of the webpage automatically triggering the plurality of webpages, and prevent malicious attacks in time when the malicious events are detected.
If the first webpage requests to open the second webpage, it can also be determined that a malicious event exists. Therefore, the terminal equipment can detect the malicious event of opening the next webpage of the webpage in a continuous chain mode, and prevent malicious attack when the malicious event is detected.
Step S690: and if the malicious event exists, forbidding displaying the first webpage.
It should be noted that, for parts not described in detail in this embodiment, reference may be made to the foregoing embodiments, and details are not described herein again.
Referring to fig. 10, a flowchart of a web page processing method according to still another embodiment of the present application is shown, specifically, the method may include:
step S1: all web page open triggers are monitored.
The terminal device can monitor all webpage opening triggering events, namely can monitor the webpage opening request.
Step S2: and detecting whether the page a automatically opens the page b.
The terminal equipment can detect whether the webpage a automatically opens the webpage b when the webpage a opens, and can monitor whether the webpage a also simultaneously opens other webpages when the webpage a automatically opens the webpage b is detected, namely, whether the number of the automatically opened webpages of the webpage a is more than or equal to 2 is detected.
Step S3: and detecting whether the number of automatically opened web pages of the web pages is more than or equal to 2 or not.
When the terminal device detects that the number of the automatically opened web pages of the web page a is more than or equal to 2, the terminal device can judge that the web page a triggers malicious attack, namely a malicious event exists, and at this moment, the step S6 can be executed; when it is detected that the number of automatically opened web pages of the a-web page is less than 2, step S4 may be executed.
Step S4: and detecting whether the page b automatically opens the page c.
And the terminal equipment detects that the web page a only automatically opens the web page b, namely detects that the number of the automatically opened web pages of the web page a is less than 2, and detects whether the web page b automatically opens the web page b. When detecting that the web page b automatically opens the web page c, the terminal device judges that the attack is a malicious attack from the web page a to the web pages b and c, namely a malicious event exists, and at this time, the step S6 can be executed; step S5 may be performed upon detecting that the b-page does not automatically trigger opening of the c-page.
Step S5: whether three consecutive return key-based depression events are detected.
If the terminal device detects that the b webpage does not automatically trigger the c webpage to be opened, but the a webpage and the b webpage may have viruses, malicious software or other data which are forcibly downloaded, the user wants to forcibly quit the two webpages or stop downloading, and at the moment, the user may continuously press the return key and continuously trigger the pressing event based on the return key. The terminal device detects the pressing event based on the return key for three times, and when the pressing event is detected, the terminal device can judge that a malicious event exists at the moment, and possibly a webpage a and a webpage b are attacked maliciously, and at the moment, the step S6 can be executed; if not, the method may return to step S2 to continue monitoring the triggering event of web page opening, and monitor whether the a web page automatically triggers opening the b web page.
In addition, "a", "b", and "c" in the a-web page, the b-web page, and the c-web page are not particularly limited, but refer to three web pages.
Step S6: interrupting the client's request for all web pages.
Step S7: the automatic download of the installed application is stopped.
Step S8: the downloading of the automatically downloaded content is stopped.
Step S9: the user is prompted to clear the automatically downloaded content.
If the webpage attack event is judged to be malicious, the terminal device interrupts the request of the browser for all webpage networks at the moment, closes the automatically triggered and opened webpage at the same time, stops running the automatically downloaded and installed application, stops downloading the automatically downloaded content of the webpage, and finally prompts the user to clear the automatically downloaded content.
In some embodiments, the terminal device may also automatically clear the automatically downloaded content, so that the automatically downloaded content may be cleared in time to avoid further security threats to the terminal device.
Referring to fig. 11, which shows a block diagram of a web page processing apparatus 1100 according to an embodiment of the present application, where the web page processing apparatus 1100 is applicable to the terminal device, and the web page processing apparatus 1100 may include: a request acquisition module 1110, an event determination module 1120, and a web page display module 1130.
A request obtaining module 1110, configured to obtain an opening request of a first webpage;
an event determining module 1120, configured to determine whether a malicious event exists if the request for opening the first webpage is not triggered by the user;
the web page display module 1130 is configured to prohibit displaying the first web page if a malicious event exists.
Further, the event determining module 1120 may include: the device comprises a target determining submodule, a quantity detecting submodule and a quantity judging submodule, wherein:
the target determining submodule is used for determining a target webpage which requests to open the first webpage according to the opening request of the first webpage;
the quantity detection submodule is used for detecting the quantity of the web pages requested to be opened by the target web page;
and the quantity judgment submodule is used for judging that a malicious event exists when the quantity of the web pages exceeds a preset quantity.
Further, the web page display module 1130 may include: a target disable sub-module, wherein:
and the target prohibition submodule is used for prohibiting displaying the webpage requested to be opened by the target webpage.
Further, the event determining module 1120 may further include: webpage detection submodule and continuous detection submodule, wherein:
the webpage detection submodule is used for detecting whether the first webpage requests to open a second webpage or not;
and the continuous detection submodule is used for judging that a malicious event exists if the first webpage requests to open the second webpage.
Further, the web page processing apparatus 1100 further includes: a second disabling module, wherein:
and the second prohibition module is used for prohibiting the second webpage from being displayed.
Further, the webpage detection sub-module includes: first determining unit, first detecting element and second detecting element, wherein:
the first determining unit is used for determining a target webpage which requests to open the first webpage according to the opening request of the first webpage;
and the first detection unit is used for detecting the number of the web pages requested to be opened by the target web page.
And the second detection unit is used for detecting whether the first webpage requests to open a second webpage or not if the number of the webpages is not more than the preset number.
Further, the event determining module 1120 may further include: a return detection submodule and a return determination submodule, wherein:
a return detection submodule for detecting whether there is a continuous return request;
and the return judgment submodule is used for judging that a malicious event exists if continuous return requests exist.
Further, before the detecting whether there is a continuous return request, the web page processing device 1100 may further include: a second detection module, wherein:
and the second detection module is used for detecting whether the first webpage requests to open a second webpage or not.
In this case, the return detection submodule includes: and the return detection unit is used for detecting whether continuous return requests exist or not if the first webpage does not request to open the second webpage.
Further, the return detection sub-module includes: number of times totaling unit and number of times judgement unit, wherein:
the number accumulation unit is used for accumulating the triggering number of the return request in a preset time interval when the return request is detected to be triggered;
and the number judging unit is used for judging that the continuous return request exists when the triggering number exceeds a preset triggering number.
Further, the web page display module includes: a request response submodule and a display prohibition submodule, wherein:
a request response submodule, configured to respond to at least one of continuous return requests for prohibiting display of the first web page when the continuous return requests are detected based on a predetermined priority, where a priority in response to the return request is higher than a priority in response to an open request of a web page;
and the display prohibition submodule is used for responding to the return request and prohibiting the first webpage from being displayed.
The web page processing apparatus provided in the embodiment of the present application is used to implement the corresponding web page processing method in the foregoing method embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
In the several embodiments provided in the present application, the coupling between the modules may be electrical, mechanical or other type of coupling.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
Referring to fig. 12, a block diagram of an electronic device according to an embodiment of the present disclosure is shown. The electronic device 1200 may be a smartphone, a tablet computer, an electronic book, a notebook computer, a personal computer, or other electronic device capable of running an application. The electronic device 1200 in the present application may include one or more of the following components: a processor 1210, a memory 1220, and one or more applications, wherein the one or more applications may be stored in the memory 1220 and configured to be executed by the one or more processors 1210, the one or more programs configured to perform the methods as described in the foregoing method embodiments applied to a terminal device.
Processor 1210 may include one or more processing cores. The processor 1210, using various interfaces and connections throughout the electronic device 1200, performs various functions and processes data of the electronic device 1200 by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 1220, and invoking data stored in the memory 1220. Alternatively, the processor 1210 may be implemented in hardware using at least one of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 1210 may integrate one or more of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. Wherein, the CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 1210, but may be implemented by a communication chip.
The Memory 1220 may include a Random Access Memory (RAM) or a Read-Only Memory (Read-Only Memory). The memory 1220 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 1220 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing various method embodiments described below, and the like. The data storage area may also store data created by the electronic device 1200 during use (e.g., phone book, audio-video data, chat log data), etc.
Referring to fig. 13, a block diagram of a computer-readable storage medium according to an embodiment of the present application is shown. The computer-readable storage medium 1300 has stored therein program code that can be invoked by a processor to perform the methods described in the above-described method embodiments applied to the second terminal.
The computer-readable storage medium 1300 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable and programmable read only memory), an EPROM, a hard disk, or a ROM. Alternatively, the computer-readable storage medium 1300 includes a non-volatile computer-readable storage medium. The computer-readable storage medium 1300 has storage space for program code 1310 for performing any of the method steps described above. The program code can be read from or written to one or more computer program products. The program code 1310 may be compressed, for example, in a suitable form.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (13)

1. A method for processing a web page, the method comprising:
acquiring an opening request of a first webpage;
if the opening request of the first webpage is not triggered by the user, judging whether a malicious event exists or not;
and if the malicious event exists, forbidding displaying the first webpage.
2. The method of claim 1, wherein the determining whether a malicious event exists comprises:
determining a target webpage requesting to open the first webpage according to the opening request of the first webpage;
detecting the number of the web pages requested to be opened by the target web page;
and when the number of the web pages exceeds a preset number, judging that a malicious event exists.
3. The method of claim 2, wherein the inhibiting the display of the first webpage comprises:
and forbidding displaying the webpage requested to be opened by the target webpage.
4. The method of claim 1, wherein the determining whether a malicious event exists comprises:
detecting whether the first webpage requests to open a second webpage or not;
and if the first webpage requests to open a second webpage, judging that a malicious event exists.
5. The method of claim 4, further comprising:
and forbidding displaying the second webpage.
6. The method of claim 4, wherein the detecting whether the first webpage requests to open a second webpage comprises:
determining a target webpage requesting to open the first webpage according to the opening request of the first webpage;
detecting the number of the web pages requested to be opened by the target web page;
and if the number of the webpages does not exceed the preset number, detecting whether the first webpage requests to open a second webpage or not.
7. The method according to any one of claims 1-6, wherein said determining whether a malicious event exists comprises:
detecting whether a continuous return request exists;
and if the continuous return requests exist, judging that the malicious event exists.
8. The method of claim 7, wherein prior to said detecting whether there are consecutive return requests, the method further comprises:
detecting whether the first webpage requests to open a second webpage or not;
the detecting whether there is a continuous return request includes:
and if the first webpage does not request to open the second webpage, detecting whether a continuous return request exists.
9. The method of claim 7, wherein the detecting whether there is a continuous return request comprises:
when detecting that a return request is triggered, accumulating the triggering times of the return request in a preset time interval;
and when the triggering times exceed the preset triggering times, judging that the continuous return request exists.
10. The method of claim 1, wherein the inhibiting the display of the first webpage comprises:
responding to at least one return request in the continuous return requests when the continuous return requests are detected based on a preset priority, wherein the priority of responding to the return requests is higher than that of responding to the opening requests of the web pages;
and in response to the return request, prohibiting the first webpage from being displayed.
11. A web page processing apparatus, characterized in that the apparatus comprises:
the request acquisition module is used for acquiring an opening request of a first webpage;
the event judgment module is used for judging whether a malicious event exists or not if the opening request of the first webpage is not triggered by the user;
and the webpage display module is used for forbidding to display the first webpage if a malicious event exists.
12. An electronic device, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 1-10.
13. A computer-readable storage medium having program code stored therein, the program code being invoked by a processor to perform the method of any of claims 1-10.
CN202010065603.5A 2020-01-20 2020-01-20 Webpage processing method and device, electronic equipment and storage medium Pending CN111327594A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010065603.5A CN111327594A (en) 2020-01-20 2020-01-20 Webpage processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010065603.5A CN111327594A (en) 2020-01-20 2020-01-20 Webpage processing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111327594A true CN111327594A (en) 2020-06-23

Family

ID=71168666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010065603.5A Pending CN111327594A (en) 2020-01-20 2020-01-20 Webpage processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111327594A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664881A (en) * 2012-04-13 2012-09-12 东南大学 Method for positioning hidden service under hypertext transfer protocol 1.1
CN103336693A (en) * 2013-07-04 2013-10-02 北京奇虎科技有限公司 Method and device for establishing refer chain and security detection device
CN105320542A (en) * 2015-11-04 2016-02-10 上海聚力传媒技术有限公司 Method and apparatus for enabling mobile terminal to exit abnormal interface
CN105809027A (en) * 2014-12-29 2016-07-27 北京奇虎科技有限公司 Application program authority control method and device
CN109840418A (en) * 2019-02-19 2019-06-04 Oppo广东移动通信有限公司 Jump control method, device, storage medium and the terminal of application program
US10397250B1 (en) * 2016-01-21 2019-08-27 F5 Networks, Inc. Methods for detecting remote access trojan malware and devices thereof
CN110324288A (en) * 2018-03-31 2019-10-11 汇银宝网络技术股份有限公司 A method of user's checking is carried out based on mobile storage

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664881A (en) * 2012-04-13 2012-09-12 东南大学 Method for positioning hidden service under hypertext transfer protocol 1.1
CN103336693A (en) * 2013-07-04 2013-10-02 北京奇虎科技有限公司 Method and device for establishing refer chain and security detection device
CN105809027A (en) * 2014-12-29 2016-07-27 北京奇虎科技有限公司 Application program authority control method and device
CN105320542A (en) * 2015-11-04 2016-02-10 上海聚力传媒技术有限公司 Method and apparatus for enabling mobile terminal to exit abnormal interface
US10397250B1 (en) * 2016-01-21 2019-08-27 F5 Networks, Inc. Methods for detecting remote access trojan malware and devices thereof
CN110324288A (en) * 2018-03-31 2019-10-11 汇银宝网络技术股份有限公司 A method of user's checking is carried out based on mobile storage
CN109840418A (en) * 2019-02-19 2019-06-04 Oppo广东移动通信有限公司 Jump control method, device, storage medium and the terminal of application program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
企鹅号 - 嘶吼ROARTALK: "通过构造特殊的HTTP包来夹送恶意的HTTP请求(上)- 云+社区 - 腾讯云", 《HTTPS://CLOUD.TENCENT.COM/DEVELOPER/NEWS/429653》 *

Similar Documents

Publication Publication Date Title
JP6149107B2 (en) Information recording method, apparatus, program, and recording medium in mobile terminal
US20200387582A1 (en) System and method for analyzing a device
US9208316B1 (en) Selective disabling of content portions
CN106528659B (en) Control method and device for browser to jump to application program
CN103617395A (en) Method, device and system for intercepting advertisement programs based on cloud security
CN109495378B (en) Method, device, server and storage medium for detecting abnormal account
CN107135249B (en) Data downloading method and device
WO2014131306A1 (en) Method and system for detecting network link
CN114341784A (en) Touch event processing method and device, mobile terminal and storage medium
CN115023699A (en) Malicious process detection method and device, electronic device and storage medium
CN104809120B (en) Information processing method and device
CN107526499B (en) Message processing method and device
CN106789413B (en) Method and device for detecting proxy internet surfing
CN114157568B (en) Browser secure access method, device, equipment and storage medium
CN111327594A (en) Webpage processing method and device, electronic equipment and storage medium
CN109831417B (en) Method, device, server and storage medium for processing account number for preventing harassment
CN112312192A (en) Bullet screen message notification method and terminal equipment
CN105590057B (en) Webpage security index evaluation method and device
CN112395029A (en) Application program interface display method and device, electronic equipment and storage medium
CN111338710A (en) Application program control method and device, electronic equipment and storage medium
CN113987472B (en) Webpage browsing security detection method, device and system
CN112673663A (en) Pseudo base station processing method, pseudo base station processing device, mobile terminal and storage medium
US20210374240A1 (en) Systems, methods, and media for identifying and responding to malicious files having similar features
US9582368B2 (en) Method and apparatus for text input protection
CN110149246B (en) Shared internet access detection method and system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200623